Text Exploits
31,329 exploits tracked across all sources.
BCM43xx - RCE
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
by 649
CVSS 9.8
WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion
by Lenon Leite
Microsoft Internet Explorer - Memory Corruption
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072.
by Skylined
CVSS 8.8
Red Hat JBoss Enterprise Application P... - Insecure Deserialization
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
by Mediaservice.net Srl.
CVSS 8.8
Trend Micro IWSVA <6.5-CP-1737 - XSS
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.
by SlidingWindow
CVSS 5.4
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
by Vulnerability-Lab
Microsoft Windows - Privilege Escalation
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by IOactive
CVSS 7.8
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection
by ERPScan
Huawei UTPS <UTPS-V200R003B015D16SPC00C983 - Privilege Escalation
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.
by Dhruv Shah
CVSS 6.7
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution
by hyp3rlinx
Linux kernel <4.5.2 - Privilege Escalation
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
by halfdog
CVSS 7.8
Linux kernel <4.5.2 - Privilege Escalation
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
by halfdog
CVSS 7.8
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting
by Julien Ahrens
Crestron AirMedia <1.4.0.13 - Path Traversal
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
by Zach Lanier
CVSS 7.5
WordPress Plugin Olimometer 2.56 - SQL Injection
by TAD GROUP
LEPTON 2.2.2 - Remote Code Execution
by Curesec Research Team
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
by Curesec Research Team
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
by Julien Ahrens